164.312(c) Technical Safeguards

Person or Entity Authentication

Risk Level: Critical | Difficulty: Moderate | Est. Cost: Medium

Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.

Implementation Guidance

Implement authentication mechanisms including passwords, tokens, biometrics, or other authentication methods.

Required Documentation

Authentication policies, password policies, multi-factor authentication procedures, authentication failure procedures.

Best Practices

Strong password policies, multi-factor authentication, unique user accounts, regular authentication reviews.

Common Violations

Weak passwords, no multi-factor authentication, shared accounts, inadequate authentication policies.

Testing Procedures

Review authentication policies, test password strength, verify multi-factor authentication, test authentication failure handling.

Quick Facts

Control ID: 164.312(c)
Category: Technical Safeguards
Risk Level: Critical
Difficulty: Moderate
Est. Cost: Medium
Timeframe: 2-4 months
Last Updated: Mar 7, 2026
